Ubuntu
redis package

redis 5:7.0.12-1 source package in Ubuntu

Changelog

redis (5:7.0.12-1) unstable; urgency=high

  * New upstream security release:

    - CVE-2022-24834: A specially-crafted Lua script executing in Redis could
      have triggered a heap overflow in the cjson and cmsgpack libraries and
      result in heap corruption and potentially remote code execution. The
      problem exists in all versions of Redis with Lua scripting support and
      affects only authenticated/authorised users.

    - CVE-2023-36824: Extracting key names from a command and a list of
      arguments may, in some cases, have triggered a heap overflow and result
      in reading random heap memory, heap corruption and potentially remote
      code execution. (Specifically using COMMAND GETKEYS* and validation of
      key names in ACL rules). (Closes: #1040879)

    For more information, please see:

      <https://raw.githubusercontent.com/redis/redis/7.0/00-RELEASENOTES>

 -- Chris Lamb <email address hidden>  Wed, 12 Jul 2023 10:07:09 +0100

Upload details

Uploaded by:
lamby
Uploaded to:
Sid
Original maintainer:
lamby
Architectures:
any all
Section:
database
Urgency:
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section
Mantic release universe misc

Downloads

File Size SHA-256 Checksum
redis_7.0.12-1.dsc 2.2 KiB e011831d24088b9d946cbe0e9422663adbf52197d51293fb00b55f01d8a073f9
redis_7.0.12.orig.tar.gz 2.9 MiB 13d4689454e29e7b9f1161b544e6d08b0ddd27d057859fde7b1916869b3bf701
redis_7.0.12-1.debian.tar.xz 27.9 KiB dd8db40f47f60e78514166de827f1e6802c7eaa181f4da17f2eeac743f4bc8b9

Available diffs

No changes file available.

Binary packages built by this source

redis: Persistent key-value database with network interface (metapackage)

 Redis is a key-value database in a similar vein to memcache but the dataset
 is non-volatile. Redis additionally provides native support for atomically
 manipulating and querying data structures such as lists and sets.
 .
 The dataset is stored entirely in memory and periodically flushed to disk.
 .
 This package depends on the redis-server package.

redis-sentinel: Persistent key-value database with network interface (monitoring)

 Redis is a key-value database in a similar vein to memcache but the dataset
 is non-volatile. Redis additionally provides native support for atomically
 manipulating and querying data structures such as lists and sets.
 .
 This package contains the Redis Sentinel monitoring software.

redis-server: Persistent key-value database with network interface

 Redis is a key-value database in a similar vein to memcache but the dataset
 is non-volatile. Redis additionally provides native support for atomically
 manipulating and querying data structures such as lists and sets.
 .
 The dataset is stored entirely in memory and periodically flushed to disk.

redis-tools: Persistent key-value database with network interface (client)

 Redis is a key-value database in a similar vein to memcache but the dataset
 is non-volatile. Redis additionally provides native support for atomically
 manipulating and querying data structures such as lists and sets.
 .
 This package contains the command line client and other tools.

redis-tools-dbgsym: debug symbols for redis-tools